
Why Your Antivirus System is Ineffective

Scott Cosentino
Mar 16, 2019

You’re on your computer downloading a few programs that you need. Once the program has completed downloading, you decide to scan it with an antivirus to make sure it is safe. The scan comes up clean with no issues, so you are safe to run the program. Or are you?

Antivirus companies do a great job of convincing you that they can catch any malicious program downloaded onto your computer. The question is: how effective are these programs actually, and how do they even work?

Most modern antivirus systems use signature-based detection to detect viruses. Basically, every program has a unique signature based on its structure. The antivirus scans the file for its signature, checks it against a database of known virus signatures, and alerts you to any matches.

The issue with this approach becomes evident when we consider viruses that are not commonly used or known. Exploits that use new vulnerabilities, known as zero-day exploits, are new to everyone, and antivirus systems will likely not catch them. An attacker could even do something as simple as encrypting a program's source code, or compiling it in a unique way, and this could also cause an antivirus to fail to detect any issues.
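
The lookup described above, as an added example that is not code from the original article: a minimal signature scanner in Python run against harmless constructed bytes. The sample, the signature names and the `scan` and `xor_encode` helpers are assumptions made for illustration, and XOR stands in for the encryption the article mentions.

```python
import hashlib

# Constructed stand-in for a "known bad" file; harmless bytes, not real malware.
KNOWN_SAMPLE = b"HEADER" + b"\x00" * 8 + b"CONSTRUCTED-SAMPLE-MARKER" + b"\x90" * 16

# Hypothetical signature database: full-file hashes plus byte patterns.
HASH_SIGNATURES = {hashlib.sha256(KNOWN_SAMPLE).hexdigest(): "Sample.A (hash)"}
PATTERN_SIGNATURES = {b"CONSTRUCTED-SAMPLE-MARKER": "Sample.A (pattern)"}


def scan(data: bytes) -> list[str]:
    """Return the names of every signature that matches the given file bytes."""
    hits = []
    digest = hashlib.sha256(data).hexdigest()
    if digest in HASH_SIGNATURES:
        hits.append(HASH_SIGNATURES[digest])
    for pattern, name in PATTERN_SIGNATURES.items():
        if pattern in data:
            hits.append(name)
    return hits


def xor_encode(data: bytes, key: int) -> bytes:
    """Same content, different bytes: a stand-in for an 'encrypted' copy."""
    return bytes(b ^ key for b in data)


def demo() -> dict[str, list[str]]:
    """Scan the known sample and two altered copies of it."""
    padded = KNOWN_SAMPLE + b"\x00"           # one extra byte: hash changes, pattern survives
    encoded = xor_encode(KNOWN_SAMPLE, 0x5A)  # every byte differs: nothing matches
    return {
        "original": scan(KNOWN_SAMPLE),
        "padded": scan(padded),
        "encoded": scan(encoded),
    }


if __name__ == "__main__":
    for label, hits in demo().items():
        print(f"{label:9s} -> {hits or 'clean (no signature matched)'}")
```

A clean result here means only that no stored signature matched these exact bytes, which is the gap the article describes.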

Let’s look at a simple example. Using a program called Metasploit, we can generate a common virus script that could be used to infect a target computer. If I run the command below, I will get a Python script that will create a connection between myself…
